Merge pull request #101 from ConsumerDataStandardsAustralia/feature/8…
…7-web-based-tokens-in-client-cli Web Login integration with Client CLI
Showing
35 changed files
with
21,283 additions
and
57 deletions.
@@ -0,0 +1,17 @@ | ||
{ | ||
"keys": [ | ||
{ | ||
"p": "yPPnr_O1OM68k6PrrNWKHewqmGMgXzT1ApgxI9IvR4F3bucJuo4LijUTjt4vqmwbeaFd_0uQQg2SukmpmZZwItD-f8WbP495hiCPikYQvF7wXvO_IjCTWubXW8iwcQQ_4EnQ7Xn8VFhAbSPPR2f7Kn92NG8sVF54VdRF5OcwFGE", | ||
"kty": "RSA", | ||
"q": "taDLDWgmiqKMpIV7oSjoVuj5ERZ2thBYYlwh2Wr4g9TQZnYjgJwiA6xVw9Os7rUebAZpNH3R5J38VSrc7NpWKszeeozrtWrVTlBFOlW8cJi_AQZtKsLQ6Lg7MUApgBc6_PXWTbMIKi_Q3s0cOrE9MCafob9vFazGB7n6QuyL5Z0", | ||
"d": "SFNC2W20F4srgwUu0l3y378Vl2FQZCE1hts7JIdqGnpOOiU1fFJD8Plyi4Z8WQyGjAt6UbejLh65Goc2X0Jn0b1Ojr2tbUu7gdAQZdZLDMBYHp7N4MSnaiEV4MLYrOx7i3Z8nFf8pXuBEKQa0CZ62pjALlP-STT-H9VGYyfo8Gd4WyLnfXFioHfDVohHvfoAZZ6L-B5hVozL7WDt_wDsPAP0n6OzhS891yjGtPOf44hMzbIB8HjlrunhLYUBGuEYTSqeMbgfVQDB5cvmjWN-tg_JI-KprE1VOg5x5__ZIP3wFQuU0LKct_C3-10ZIzJEE7jweETYDZVR_xRQ-r4bAQ", | ||
"e": "AQAB", | ||
"kid": "rsa1", | ||
"qi": "scUOO7I18o9_vqQl2Hg5bq-UVjgoi9zg-0zgH2n79_jbxH9Q3Sa3ASzRuJukcAkdRYFdXnWwRNrD61lnrI8gRoH_eiTK0DYOhztql-DWNzGvYdP8rJGQpuYlsKlnTnlNwJsiM4ujsWfX3QAgNzljJod5WHd_Wa6eLMmmfvrlNy4", | ||
"dp": "EHmWrCFB4UdpxHzy7HeRXESpdVbjJ4sS70SE-tfXkng1z3zXmljc71bMpLDonYNBeWZWa4DJcfDk76rsYbAov2H9C4Kq6Lodj3aJ7h8ybg8mi9JWADqVSiWU0GySsqFTj1Ld8ypGGrAlkA0YiFUpDWHn0gKvUrdwDDFcDZk6ouE", | ||
"alg": "RS256", | ||
"dq": "EthsOSflV90l2qw-96nW8a2aqjs6dgmcIhiNKpH-1y7tsLPxWxbYMKlg_MCp4NrKHUtM_zVO4fnChNO9uJWu-yHms7CLhHdhSo7pn_PlaYlvyBtymE0-f-cdvS57H99JL5YSdl1tK3NqqLN_ild5kdVwGshSLl2O7p5NaURB_8E", | ||
"n": "jpKqpCQkE8SzjdujeKMJo2W6x20UM3MRmmTzBAIlQKtRpAZXlALGKnQ89kpSNBc4ejuWNXRLgYwHhma6La70zhicrvsG6Cdeld9172NqhFCsedbapp7XMfJ6gjM7jScyjxW6_1emqJLI8eMLC0SCLAq9crAPv5cWcdWyapaN9n3XvPbkG9iPis6xVX3mKrC5DZ6hcOwmgsgTw92qH2i3XrixL3iQKoXKbCCKOfEWTB4aH9SBYJcpBmMALGRDogbHNFTpK0I7uGE1mxaPnEttsRf7u9yZsrfKwTZnE323w05F6r-fzcr0PZpAWGNH02vRBAkGaOxEv2Btg3UWR2JEfQ" | ||
} | ||
] | ||
} |
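Review bot: This JWK set commits the complete RSA private key for `kid` `rsa1` (the `d`, `p`, `q`, `dp`, `dq` and `qi` members are all present), so the key has to be treated as public from this commit on and is unsuitable for signing anything beyond a local demo. The file's path is not shown on this page; if it is the default that `AuthConfig.keyStore()` loads through `getJwksPath()`, every installation would share one signing identity. I would ship only a clearly named sample or generate a key pair on first run, keep real key files out of version control, and state in the README that the bundled key is for testing only.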
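--- a/client-cli/src/main/java/au/org/consumerdatastandards/client/cli/auth/AuthConfig.java
+++ b/client-cli/src/main/java/au/org/consumerdatastandards/client/cli/auth/AuthConfig.java
@@ -0,0 +1,38 @@
+package au.org.consumerdatastandards.client.cli.auth;
+
+import au.org.consumerdatastandards.client.cli.support.ApiClientOptions;
+import org.mitre.jose.keystore.JWKSetKeyStore;
+import org.mitre.openid.connect.client.keypublisher.JwkViewResolver;
+import org.mitre.openid.connect.view.JWKSetView;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.ImportResource;
+import org.springframework.core.io.FileSystemResource;
+
+@Configuration
+@ImportResource({"classpath*:servlet-context.xml"})
+public class AuthConfig {
+@Autowired
+protected ApiClientOptions apiClientOptions;
+
+@Bean
+public JwkViewResolver jwkViewResolver() {
+JwkViewResolver res = new JwkViewResolver();
+res.setJwkViewName(JWKSetView.VIEWNAME);
+res.setJwk(jwkSetView());
+return res;
+}
+
+@Bean
+public JWKSetView jwkSetView() {
+return new JWKSetView();
+}
+
+@Bean
+public JWKSetKeyStore keyStore() {
+JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore();
+jwkSetKeyStore.setLocation(new FileSystemResource(apiClientOptions.getJwksPath()));
+return jwkSetKeyStore;
+}
+}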
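Review bot: `keyStore()` hands `apiClientOptions.getJwksPath()` straight to `FileSystemResource`, so an unset option would presumably surface as a generic bean-creation failure rather than a message naming the missing setting. A guard before the `setLocation` call, such as `Objects.requireNonNull(apiClientOptions.getJwksPath(), "JWKS path is not configured");` (with `import java.util.Objects;`), would make that explicit. Whether `getJwksPath()` can actually return null is not visible here, because `ApiClientOptions` is outside this page. The method also deserves a Javadoc line saying that the file holds the client's private signing key and should be readable only by the invoking user.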
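--- a/client-cli/src/main/java/au/org/consumerdatastandards/client/cli/auth/AuthController.java
+++ b/client-cli/src/main/java/au/org/consumerdatastandards/client/cli/auth/AuthController.java
@@ -0,0 +1,26 @@
+package au.org.consumerdatastandards.client.cli.auth;
+
+import au.org.consumerdatastandards.client.cli.support.ApiClientOptions;
+import au.org.consumerdatastandards.client.cli.support.ApiUtil;
+import org.mitre.openid.connect.model.OIDCAuthenticationToken;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+public class AuthController {
+@Autowired
+private ApiClientOptions clientOptions;
+
+@GetMapping("/auth")
+@PreAuthorize("hasRole('ROLE_USER')")
+public String auth() throws InterruptedException {
+OIDCAuthenticationToken auth = (OIDCAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
+clientOptions.setAccessToken(auth.getAccessTokenValue());
+clientOptions.setRefreshToken(auth.getRefreshTokenValue());
+ApiUtil.browserMutex.put(this);
+return "auth";
+}
+}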
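Review bot: The cast to `OIDCAuthenticationToken` in `auth()` is safe only while `@PreAuthorize` is actually enforced, and nothing in the Java config on this page enables method security (it may be switched on in `servlet-context.xml`, which is not shown). If it is not enforced, an anonymous request to `/auth` reaches the cast and fails with a `ClassCastException`; reading the authentication into a local and checking it first, e.g. `if (!(authentication instanceof OIDCAuthenticationToken)) { throw new AccessDeniedException("OIDC login required"); }`, keeps the failure explicit. Separately, `ApiUtil.browserMutex.put(this)` can block the request thread if the queue is bounded and nothing is draining it, so `offer` with a timeout may be the better call depending on how `browserMutex` is declared.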
14 changes: 14 additions & 0 deletions
14
...java/au/org/consumerdatastandards/client/cli/auth/ClientWebSecurityConfigurerAdapter.java
@@ -0,0 +1,14 @@ | ||
package au.org.consumerdatastandards.client.cli.auth; | ||
|
||
import org.springframework.context.annotation.Configuration; | ||
import org.springframework.security.config.annotation.web.builders.HttpSecurity; | ||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; | ||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; | ||
|
||
@Configuration | ||
@EnableWebSecurity | ||
public class ClientWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter { | ||
@Override | ||
protected void configure(HttpSecurity http) { | ||
} | ||
} |
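Review bot: Overriding `configure(HttpSecurity http)` with an empty body drops the adapter's default `anyRequest().authenticated()` rule, so this filter chain declares no authorization rules of its own. If the intent is to leave URL protection to `servlet-context.xml` (imported by `AuthConfig`, not shown on this page), say so in a comment inside the method, e.g. `// URL rules and the OIDC filter are declared in servlet-context.xml`; otherwise declare the rules here. It is also worth confirming that this chain and any `<security:http>` element from the XML do not both claim the same requests.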
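--- a/client-cli/src/main/java/au/org/consumerdatastandards/client/cli/auth/JwkController.java
+++ b/client-cli/src/main/java/au/org/consumerdatastandards/client/cli/auth/JwkController.java
@@ -0,0 +1,23 @@
+package au.org.consumerdatastandards.client.cli.auth;
+
+import com.nimbusds.jose.jwk.JWK;
+import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
+import org.mitre.openid.connect.view.JWKSetView;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.servlet.ModelAndView;
+
+import java.util.Map;
+
+@Controller
+public class JwkController {
+@Autowired
+private JWTSigningAndValidationService signingAndValidationService;
+
+@GetMapping("/jwk")
+public ModelAndView jwk() {
+Map<String, JWK> keys = signingAndValidationService.getAllPublicKeys();
+return new ModelAndView(JWKSetView.VIEWNAME, "keys", keys);
+}
+}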
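Review bot: `jwk()` has no comment recording that the endpoint is meant to publish public keys only. The key store configured in `AuthConfig` is loaded from a JWKS file that can hold private parameters, so a Javadoc line such as `/** Publishes the client's public JWKs; must never be fed keys that include private parameters. */` would guard against a later change swapping `getAllPublicKeys()` for the raw key set.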
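--- a/client-cli/src/main/java/au/org/consumerdatastandards/client/cli/auth/LoginController.java
+++ b/client-cli/src/main/java/au/org/consumerdatastandards/client/cli/auth/LoginController.java
@@ -0,0 +1,12 @@
+package au.org.consumerdatastandards.client.cli.auth;
+
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+
+@Controller
+public class LoginController {
+@GetMapping("/login")
+public String auth() {
+return "login";
+}
+}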
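Review bot: The handler for `/login` is named `auth()`, the same name as the handler in `AuthController`, which makes stack traces and code searches ambiguous. Renaming it to match the route and the view it returns would read better: `public String login() {`.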
27 changes: 27 additions & 0 deletions
27
...java/au/org/consumerdatastandards/client/cli/auth/UnblockingOIDCAuthenticationFilter.java
@@ -0,0 +1,27 @@ | ||
package au.org.consumerdatastandards.client.cli.auth; | ||
|
||
import au.org.consumerdatastandards.client.cli.support.ApiUtil; | ||
import org.mitre.openid.connect.client.OIDCAuthenticationFilter; | ||
import org.springframework.security.core.Authentication; | ||
import org.springframework.security.core.AuthenticationException; | ||
|
||
import javax.servlet.ServletException; | ||
import javax.servlet.http.HttpServletRequest; | ||
import javax.servlet.http.HttpServletResponse; | ||
import java.io.IOException; | ||
|
||
public class UnblockingOIDCAuthenticationFilter extends OIDCAuthenticationFilter { | ||
@Override | ||
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { | ||
try { | ||
return super.attemptAuthentication(request, response); | ||
} catch (Exception e) { | ||
try { | ||
ApiUtil.browserMutex.put(e); | ||
} catch (InterruptedException ex) { | ||
// Safe to ignore | ||
} | ||
throw e; | ||
} | ||
} | ||
} |
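Review bot: The inner `catch (InterruptedException ex)` swallows the interrupt, so code further up the stack can no longer see that the thread was asked to stop; replace the `// Safe to ignore` comment with `Thread.currentThread().interrupt();`. `ApiUtil.browserMutex.put(e)` may also block the request thread on a failed login if the queue is bounded and nothing is taking from it, but `ApiUtil` is not shown here, so that depends on how `browserMutex` is declared. A short class Javadoc saying what the filter is for (it appears to exist to hand the authentication failure to whoever is waiting on `browserMutex`) would help the next reader.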